Tag Archives: Part

In his office in suburban Beijing, Zhang proudly demonstrated the physical part of Airdoc’s system – a small desktop device that looks similar to a scanner a neighborhood optometrist might use for a routine eye exam.

You sit on a stool, lean forward, place your chin on a padded brace, and stare into the darkness of an eyepiece. The algorithm then takes over, precisely adjusting the angle of your head until a green cross comes into focus in the gaze of your right eye. A moment later there’s a bright, but not uncomfortable, flash of white light. The process is repeated for your left eye.

The machine has just taken high-resolution medical-grade images of both your retinas. It instantly sends them to the cloud where it takes 20 to 30 milliseconds (about the same time as an eye blink) of computation to analyze both.

Above: Taking a test at Airdoc’s Beijing office.

Moments later an impressively detailed diagnostic dashboard is sent to your smartphone. It rates from low to medium to high your susceptibility to a long list of diseases. If there is a problem, it urges you to seek professional medical help.

Right now, it can search for 30 diseases. More machine learning will soon boost that number to 50, and eventually, it could go beyond 200.

Zhang regards his system as a gamechanger because of its potential to deliver at scale and relieve stretched medical resources. To date, it has scanned more than 1.12 million people, mostly in China, but also in the United States, India, Britain, and parts of Africa. “Airdoc users are all over the world. We hope our deep learning technology can prevent all kinds of disease.”

China, with a population of 1.3 billion, only has about 1,100 eye doctors who are qualified to analyze retinal images. So, the challenge of providing adequate diagnostic services is truly massive – and perhaps no more so than for the epidemic of diabetes.

Authorities estimate as many as 114 million Chinese have diabetes – but only 30 percent of them know that. The other 70 percent are unaware and, without early detection, will eventually be struck down with serious maladies, like blindness, strokes and other potentially fatal conditions.

“Diabetic retinopathy, or DR, is one of the most common and serious complications of diabetes. Once patients feel symptoms, they are already in a severe stage of DR and will go blind without proper treatment,” says Dr. Rui Li Wei (pictured in top image) of Shanghai’s Changzheng Hospital, one of several major medical institutions that now routinely uses Airdoc’s technology as a quick, accurate, and simple diagnostic tool.

BOSTON — IT organizations that plan to tackle developer security skills as part of a DevSecOps shift have started to introduce tools and techniques that can help.

Many organizations have moved past early DevSecOps phases such as a ‘seat at the table‘ for security experts during application design meetings and locked-down CI/CD and container environments. At DevSecCon 2018 here this week, IT pros revealed they’ve begun in earnest to ‘shift security left’ and teach developers how to write more secure application code from the beginning.

“We’ve been successful with what I’d call SecOps, and now we’re working on DevSec,” said Marnie Wilking, global CISO at Orion Health, a healthcare software company based in Boston, during a Q&A after her DevSecCon presentation. “We’ve just hired an application security expert, and we’re working toward overall information assurance by design.”

Security champions and fast feedback shift developer mindset

Orion Health’s plan to bring an application security expert, or security champion, into its DevOps team reflects a model followed by IT security software companies, such as CA Veracode. The goal of security champions is to bridge the gap and liaise between IT security and developer teams, so that groups spend less time in negotiations.

“The security champions model is similar to having an SRE team for ops, where application security experts play a consultative role for both the security and the application development team,” said Chris Wysopal, CTO at CA Veracode in Burlington, Mass., in a presentation. “They can determine when new application backlog items need threat modeling or secure code review from the security team.”

However, no mature DevSecOps process allows time for consultation before every change to application code. Developers must hone their security skills to reduce vulnerable code without input from security experts to maintain app delivery velocity.

The good news is that developer security skills often emerge organically in CI/CD environments, provided IT ops and security pros build vulnerability checks into DevOps pipelines in the early phases of DevSecOps.

Marnie Wilking, global CISO at Orion Health, presents at DevSecCon.

“If you’re seeing builds fail day after day [because of security flaws], and it stops you from doing what you want to get done, you’re going to stop [writing insecure code],” said Julie Chickillo, VP of information security, risk and compliance at Beeline, a company headquartered in Jacksonville, Fla., which sell workforce management and vendor management software.

Beeline built security checks into its CI/CD pipeline that use SonarQube, which blocks application builds if it finds major, critical or limiting application security vulnerabilities in the code, and immediately sends that feedback to developers. Beeline also uses interactive code scanning tools from Contrast Security as part of its DevOps application delivery process.

“It’s all about giving developers constant feedback, and putting information in their hands that helps them make better decisions,” Chickillo said.

Developer security training tools emerge

Application code scans and continuous integration tests only go so far to make applications secure by design. DevSecOps organizations will also use updated tools to further developer security skills training.

Sooner or later, companies put security scanning tools in place, then realize they’re not enough, because people don’t understand the output of those tools.Mark FelegyhaziCEO, Avatao.com Innovative Learning Ltd

“Sooner or later, companies put security scanning tools in place, then realize they’re not enough, because people don’t understand the output of those tools,” said Mark Felegyhazi, CEO of Avatao.com Innovative Learning Ltd, a startup in Hungary that sells developer security skills training software. Avatao competitors in this emerging field include Secure Code Warrior, which offers gamelike interfaces that train developers in secure application design. Avatao also offers a hands-on gamification approach, but its tools also cover threat modeling, which Secure Code Warrior doesn’t address, Felegyhazi said.

Firms also will look to internal and external training resources to build developer security skills. Beeline has sent developers to off-site security training, and plans to set up a sandbox environment for developers to practice penetration testing on their own code, so they better understand the mindset of attackers and how to head them off, Chickillo said.

Higher education must take a similar hands-on approach to bridge the developer security skills gap for graduates as they enter the workforce, said Gabor Pek, CTO at Avatao, in a DevSecCon presentation about security in computer science curricula.

“Universities don’t have security champion programs,” Pek said. “Most of their instruction is designed for a large number of students in a one-size-fits-all format, with few practical, hands-on exercises.”

In addition to his work with Avatao, Pek helped create a bootcamp for student leaders of capture-the-flag teams that competed at the DEFCON conference in 2015. Capture-the-flag exercises offer a good template for the kinds of hands-on learning universities should embrace, he said, since they are accessible to beginners but also challenge experts.

Introduction

Microsoft continues to gain market momentum fueled in part by an internal culture shift and the growing popularity of the Azure cloud platform that powers the company’s popular Office 365 product.

When CEO Satya Nadella took the helm in 2014, he made a concerted effort to turn the company away from its proprietary background to win over developers and enterprises with cloud and DevOps ambitions.

To reinforce this new agenda, Microsoft acquired GitHub, the popular software development platform, for $7.5 billion in June and expanded its developer-friendly offerings in Azure — from Kubernetes management to a Linux-based distribution for use with IoT devices. But many in IT have long memories and don’t easily forget the company’s blunders, which can wipe away any measure of good faith at a moment’s notice.

PowerShell, the popular automation tool, continues to experience growing pains after Microsoft converted it to an open source project that runs on Linux and macOS systems. As Linux workloads on Azure continue to climb — around 40% of Azure’s VMs run on Linux according to some reports — and Microsoft releases Linux versions of on-premises software, PowerShell Core is one way Microsoft is addressing the needs of companies with mixed OS environments.

While this past year solidified Microsoft’s place in the cloud and open source arenas, Nadella wants the company to remain on the cutting edge and incorporate AI into every aspect of the business. The steady draw of income from its Azure product and Office 365 — more than 135 million users — as well as its digital transformation agenda, have proven successful so far. So what’s in store for 2019?

This Microsoft Ignite 2018 guide gives you a look at the company’s tactics over the past year along with news from the show to help IT pros and administrators prepare for what’s coming next on the Microsoft roadmap.

1Latest news on Microsoft–

Recent news on Microsoft’s product and service developments

Stay current on Microsoft’s new products and updated offerings before and during the Microsoft Ignite 2018 show.

2A closer look–

Analyzing Microsoft’s moves in 2018

Take a deeper dive into Microsoft’s developments with machine learning, DevOps and the cloud with these articles.

The dimensions of the connector look correct too (it’s the larger of the HP ones). If that’s what you need, it’s yours posted for £12 (or £13.50 if you need it with the IEC C5 Clover Leaf Mains Cable included).

The 2017 13.3″ MacBook Air (Model No: A1466) (Part No: MQD42B/A) which is the latest was bought new in May this year as an intended gift. The battery cycle count is 17 as I used it briefly to see if I would like one over instead of my MacBook Pro and to install some applications/music from my MacBook Pro it but has now been factory reset and unused for a couple of months as I use my MacBook Pro & iMac much more.

100% mark/scratch free on MacBook Air and zero dead pixels. The MacBook Air box and accessories are in perfect condition also. Full Apple warranty until May 2019.

The 13″ MacBook Air has the follow specs and is the current highest spec one on sale on the Apple store (without customisation):

______________________________________________________This message is automatically inserted in all classifieds forum threads.By replying to this thread you agree to abide by the trading rules detailed here.Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

Landline telephone number. Make a call to check out the area code and number are correct, too

Name and address including postcode

Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Oracle is now offering transaction processing capabilities as part of its Autonomous Database Cloud software platform, which is designed to automate database administration tasks for Oracle users in the cloud.

The vendor launched a new Oracle Autonomous Transaction Processing (ATP) cloud service, expanding on the data warehouse service that debuted in March as the first Autonomous Database Cloud offering. The addition of Oracle ATP enables the automated system to handle both transaction and analytical processing workloads, Oracle executive chairman and CTO Larry Ellison said during a launch event that was streamed live.

Cloud success still a test for Oracle

However, while Ellison taunted Amazon for its longtime reliance on Oracle databases and expressed skepticism about his competitor’s ability to execute a reported plan to completely move off of them by 2020, Oracle lags behind not only AWS but also Microsoft and Google in the ranks of cloud platform vendors.

Make no mistake, Oracle still has to prove themselves in the cloud.Adam Ronthalanalyst, Gartner

“Make no mistake, Oracle still has to prove themselves in the cloud,” Gartner database analyst Adam Ronthal said in an email after the announcement.

And Oracle isn’t starting from a position of strength. Overall, the technology lineup that Oracle currently offers on its namesake cloud doesn’t match the breadth of what users can get on AWS, Microsoft Azure and the Google Cloud Platform, Ronthal said.

But Oracle ATP “helps close that gap, at least in the data management space,” he said.

Together, ATP and the Autonomous Data Warehouse (ADW) service that preceded it “are Oracle coming out to the world with products that are built and architected for cloud,” with promises of scalability, elasticity and a low operational footprint for users, Ronthal said.

The Autonomous Database Cloud services are only available on the Oracle Cloud, and Oracle also limits other key data management technologies to its own cloud platform; for example, it doesn’t offer technical support for its Oracle Real Application Clusters software on other clouds.

In addition, Ronthal noted that it’s typically more expensive to run regular Oracle databases on AWS and Azure than on Oracle’s cloud because of software licensing changes Oracle made last year.

“Oracle is doing everything it can to make its cloud the most attractive place to run Oracle databases,” Ronthal said.

But now the company needs to build some momentum by convincing customers to adopt Oracle ATP and ADW, he added — even if that’s likely to primarily involve existing Oracle users migrating to the cloud services, as opposed to new customers.

Oracle’s autonomous services get a look

Clothing retailer Gap Inc. is a case in point, although the San Francisco company’s use of Oracle databases could grow as part of a plan to move more of its data processing operations to the Oracle Cloud.

For example, Gap is working with Oracle on a proof-of-concept project to convert an on-premises Teradata data warehouse to Oracle ADW, said F.S. Nooruddin, the retailer’s chief IT architect.

That’s a first step in the potential consolidation of various data warehouses into the ADW service, he said. Gap also plans to look closely at Oracle ATP for possible transaction processing uses, according to Nooruddin, who took part in a customer panel discussion during the ATP launch event.

As the retailer’s use of the cloud expands, the Autonomous Database Cloud technologies could help ensure that all of its Oracle database instances, from test and development environments to production systems, are properly patched and secured, Nooruddin said.

Ellison said Oracle ATP also automatically scales the transaction processing infrastructure allotted to users up and down as workloads fluctuate, so they can meet spikes in demand without paying for compute, network and storage resources they don’t need.

That capability appeals to Gap, too, said Connie Santilli, the company’s vice president of enterprise systems and strategy. Gap’s transaction processing and downstream reporting workloads increase sharply during the holiday shopping season — a common occurrence in the retail industry. But Santilli said Gap had to build its on-premises IT architecture to handle the peak performance level, with less flexibility for downsizing systems when the full processing resources aren’t required.

Cloud costs and considerations for Oracle users

In taking aim at AWS, Ellison again said Oracle would guarantee a 50% reduction in infrastructure costs to Amazon users that migrate to Autonomous Database Cloud — a vow he first made at the Oracle OpenWorld 2017 conference.

Meanwhile, Ellison said Oracle customers can use existing on-premises database licenses to make the switch to Oracle ATP and ADW, avoiding the need to pay for the software again. In such cases, users would continue to pay their current annual support fees plus the cost of their cloud infrastructure usage.

The ATP and ADW services layer the automation capabilities Oracle developed on top of Oracle Database 18c, which Oracle released in February as part of a new plan to update the database software annually. During the ATP launch, Ellison disclosed some details about the planned 19c release and the capabilities it will add to Autonomous Database Cloud.

When databases are upgraded to the 19c-based cloud services, the software will automatically check built-in query execution plans and retain the existing ones if they’ll run faster than new ones, Ellison said. That eliminates the need for DBAs to do regression testing on the plans themselves, he added.

Other new features coming with Oracle Database 19c include the ability to configure Oracle ATP and ADW on dedicated Exadata systems in the Oracle Cloud instead of sharing a multitenant pool of the machines, and to deploy the cloud services in on-premises data centers through Oracle’s Cloud@Customer program.

Oracle’s official roadmap shows 19c becoming available in January 2019, but Ellison claimed that was “worst case” and said the new release may be out before the end of this year.

LAS VEGAS — Despite Google’s own Project Zero being part of the discovery team for the Meltdown and Spectre vulnerabilities, Google itself wasn’t notified until 45 days after the initial report was sent to Intel, AMD and ARM.

Speaking at a panel on Meltdown and Spectre disclosure at Black Hat 2018 Wednesday, Matt Linton, senior security engineer and self-described “chaos specialist” at Google’s incident response team, explained how his company surprisingly fell through the cracks when it came time for the chip makers to notify OS vendors about the vulnerabilities.

“The story of Google’s perspective on Meltdown begins with both an act of brilliance and an act of extraordinary miscommunication, which is a real part of how incident response works,” Linton said during the session, titled “Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre.”

Even though Project Zero researcher Jann Horn was part of both the Meltdown and Spectre discovery teams, Linton said, Project Zero never notified Google directly. Instead, the Project Zero group followed strict guidelines for responsible vulnerability disclosure and only notified the “owners” of the bugs, namely the chip makers.

“They feel very strongly in PZ [Project Zero] about being consistent about who they notify and rebuffing criticism that Project Zero gives Google early heads up about bugs and things,” Linton said. “I assure they did not.”

Project Zero notified Intel and the other chip makers about the vulnerabilities on June 1, 2017. It had been previously reported that Google’s incident response team wasn’t looped into the Meltdown and Spectre disclosure process until July, but it wasn’t entirely clear why that was. Linton explained what happened.

“[Project Zero] notified Intel and the other CPU vendors of these speculative execution vulnerabilities and they said a third of the way through the email that ‘We found these, here are the proof of concepts, and by the way, we haven’t told anyone else about this including Google, and it’s now your responsibility to tell anyone you need to tell,’ and somewhere along the line they missed that piece of the email,” he told the audience.

Linton said the CPU vendors began the Meltdown and Spectre disclosure process and started notifying companies that needed to know such as Microsoft, but they apparently believed Google had already been informed because Project Zero was part of the discovery teams. As a result, Google was left out of early stage of the coordinated disclosure process.

“As an incident responder, I didn’t find out about this until mid-July, 45 days after [the chip vendors] discovered it,” Linton said.

The miscommunication regarding Google was just one of several issues that plagued the massive coordinated disclosure effort for Meltdown and Spectre. The panelists, which included Eric Doerr, general manager of the Microsoft Security Response Center, and Christopher Robinson, principal program manager and team lead of Red Hat Product Security Assurance, discussed the ups and down of the complex, seven-month process as well as advice for security researchers and vendors based on their shared experiences.

Editor’s note: Stay tuned for more from this panel on the Meltdown and Spectre disclosure process.

Brand new and sealed Cooler Master ML120L RGB AIO CPU cooler. Came as part of a bundle but not required in my build as I’ve already got a CPU cooler.

Happy to help with any warranty claims that arise, the warranty is for 2 years.

Delivery at cost, or collection welcomed.

Price and currency: £35Delivery: Delivery cost is not includedPayment method: Paypal F&F or BTLocation: Addlestone, SurreyAdvertised elsewhere?: Not advertised elsewherePrefer goods collected?: I prefer the goods to be collected

______________________________________________________This message is automatically inserted in all classifieds forum threads.By replying to this thread you agree to abide by the trading rules detailed here.Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

Landline telephone number. Make a call to check out the area code and number are correct, too

Name and address including postcode

Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Brand new and sealed Cooler Master ML120L RGB AIO CPU cooler. Came as part of a bundle but not required in my build as I’ve already got a CPU cooler.

Happy to help with any warranty claims that arise, the warranty is for 2 years.

Delivery at cost, or collection welcomed.

Price and currency: £35Delivery: Delivery cost is not includedPayment method: Paypal F&F or BTLocation: Addlestone, SurreyAdvertised elsewhere?: Not advertised elsewherePrefer goods collected?: I prefer the goods to be collected

______________________________________________________This message is automatically inserted in all classifieds forum threads.By replying to this thread you agree to abide by the trading rules detailed here.Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

Landline telephone number. Make a call to check out the area code and number are correct, too

Name and address including postcode

Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Brand new and sealed Cooler Master ML120L RGB AIO CPU cooler. Came as part of a bundle but not required in my build as I’ve already got a CPU cooler.

Happy to help with any warranty claims that arise, the warranty is for 2 years.

Delivery at cost, or collection welcomed.

Price and currency: £35Delivery: Delivery cost is not includedPayment method: Paypal F&F or BTLocation: Addlestone, SurreyAdvertised elsewhere?: Not advertised elsewherePrefer goods collected?: I prefer the goods to be collected

______________________________________________________This message is automatically inserted in all classifieds forum threads.By replying to this thread you agree to abide by the trading rules detailed here.Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

Landline telephone number. Make a call to check out the area code and number are correct, too

Name and address including postcode

Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.